In years gone by, launching a distributed denial-of-service (DDoS) attack required an advanced set of technical skills. Threat actors needed deeper knowledge to determine the most effective attack vector, but also an understanding of how to exploit weaknesses in servers or networks.
More recently, attacks have become highly sophisticated and more coordinated. They pose a considerable threat to critical infrastructure, which is a major concern given the importance of service availability in this area. Disruptions to these services can have wide-reaching consequences for both civilian populations and national security.
But what’s fuelling this rapid growth in attack capability? Increasingly, the answer lies in artificial intelligence (AI) and automation.
AI and automation as weapons
The pace at which DDoS hacktivists and opportunistic threat actors are proceeding with technology adaption is alarming – both in sophistication and scale. AI and automation are largely driving this; their use has transformed DDoS attack capabilities in a short space of time. Cybercriminals are using the technologies to supercharge their assaults, making attacks stronger and more agile. For example, threat actors are deploying AI-enhanced automation, which enables the scaling of attacks, allowing them to evade detection and adapt to evolving network defences in real time.
What’s more, AI integration is enabling attackers to create bots capable of mimicking human behaviour. This makes it harder for traditional DDoS defence tools to differentiate legitimate users from malicious traffic. For instance, when faced with a traditional defence like CAPTCHA systems – which are designed to distinguish between humans and automated bots – AI-powered tools can bypass these barriers with ease.
Meanwhile, automated functionalities allow cybercriminals to set up and carry out an attack in the space of a few minutes or even seconds. Users can then schedule attacks during peak business hours or low-security periods, for extended spells at specific times, maximising both disruption and impact.
It is also notable that AI and automation have made their way into DDoS-for-hire services. Commonly known as “booters” or “stressers” in the security community, these services are user-friendly and provide a ready-made infrastructure incorporating advanced features to rent.
In the case of DDoS-for-hire platforms, a large number employ automation – including attack scheduling, dynamic vector adjustment, rate monitoring, and repetition – to facilitate dynamic, multi-target campaigns and provide infrastructure exploitation methods such as carpet bombing and geo-spoofing. These capabilities empower even novice operators to launch sizeable DDoS attack campaigns, capable of causing significant damage.
Ultimately, AI-driven enhancements are making it harder for traditional DDoS defence tools, overwhelming mitigation systems with ease and rendering defences insufficient. Any period of disruption, whether it be seconds, minutes or hours, not only poses an operational risk to organisations but also has the potential to cost enterprises millions in revenue and cause long-lasting reputational damage.
The worry for businesses is that threat actors are only just beginning to tap into the potential of AI and automation – and the next wave of attacks is already taking shape.
Attack of the chatbots
In the next natural step in this evolution, cybercriminals are now integrating AI assistants into DDoS-for-hire platforms. For users, this means that instead of having to understand complex technical concepts, like attack vectors and targeted applications and services, they can simply describe their objectives to chatbots in natural language.
For example, a user might say something as straightforward as, “I want to knock my competitor’s platform offline during their Christmas sales”. This illustrates how operators no longer need to understand the mechanics, the attack vectors, or even the infrastructure of their targets. Just talk to the AI chatbot and the user is ready to go.
The integration of AI assistants and the use of “dark” large language models (LLMs), such as WormGPT and FraudGPT, adds further to the concern that traditional DDoS defences are no longer sufficient in protecting organisations from attacks.
Adjusting cyber defence to modern threats
AI and automation are undoubtedly aiding attackers, changing the dynamics of defending against DDoS attacks and providing an array of unique challenges for cybersecurity teams. Organisations that fail to prepare for AI-enhanced DDoS attacks risk being overwhelmed by threat actors operating at machine speed with human creativity. This age of AI-enhanced cyberwarfare demands equally intelligent defences.
Nevertheless, AI and automation are also emerging as tools businesses can use to bolster their cyber protection against DDoS attacks. With traditional defences becoming obsolete, businesses require a proactive, AI-driven approach to keep up with these threats and maintain security in this increasingly complex landscape.
The first strategic defence that organisations ought to implement is advanced monitoring tools. These solutions incorporate automation, which can spot patterns of automated behaviour. For instance, unforeseen changes in traffic that indicate an attack campaign is starting.
Secondly, enterprises should prioritise global threat intelligence. AI-powered real-time intelligence provides insights into emerging AI and automation-driven attack techniques, allowing businesses to proactively alter their defensive postures. It also enables cybersecurity teams to detect where DDoS attacks are taking place at any given moment. From here, organisations can automatically block IP addresses from known botnets and adversaries as they’re reported.
Enterprises must also strongly consider employing machine learning (ML) for behavioural analysis. Defensive tools with ML functionality can spot nuanced traffic trends which may point to DDoS attacks driven by AI or automation, quickly analysing vast swathes of data to detect indicators of abnormal behaviour.
What’s more, as automated DDoS campaigns can far outlast traditional attacks, preparedness for these prolonged attacks is a necessity. It is essential for organisations to ensure that defences remain scalable and resilient over time to sustain operations during extended assaults.
The complex and efficient nature of AI-enhanced DDoS attacks necessitates mitigation solutions that are equally effective and dynamic. By embracing these advanced solutions, enterprises can safeguard their networks from sustained, multifaceted assaults and ensure resilience, even when facing the most advanced AI-powered and automated DDoS campaigns. This will help organisations remain one step ahead of attackers in the ongoing fight against evolving DDoS threats.
